Your administrators will be able to log in and perform various administrative tasks. In this chapter, you're only implementing catalog administration features, but at stage two of development, you'll also have them manage customers' orders. When implementing your own order-processing system, you'll handle customer accounts yourself and store sensitive data such as customer credit cards, phone numbers, and so on. This makes it obvious how important it is to plan ahead for implementing secure connections to the sensitive areas of your web site.

HTTP isn't a secure protocol, and even if your site protects sensitive areas using passwords (or other forms of authentication), the transmitted data could be intercepted and stolen. To avoid this, you need to set up the application to work with SSL (Secure Socket Layer) connections, using the HTTPS protocol (Hypertext Transport Protocol - Secure).

To do this, you have a bit of groundwork to get through first. Unless you have already been using an SSL connection on your web server, you are unlikely to have the correct configuration to do so. This configuration involves obtaining a security certificate for your server and installing it on your Apache web server. (If the hosting service is provided by a third party, the hosting service probably also has an option of enabling SSL.)

Security certificates are basically public-private key pairs similar to those used in asymmetric encryption algorithms. You can generate these if your domain controller is configured as a certification authority, but if you're not a trusted certification authority, this method may be problematic. Certificates that you sign yourself may leave browsers that receive them unable to verify the identity of your certification authority, and the browsers will therefore doubt your security. When someone accesses secure pages whose certificate isn't issued by a trusted certification authority, the browser will show a warning message. This isn't disastrous when securing pages that are to be visited by your company personnel, but it would certainly affect customer confidence if such a warning message showed up, for example, when they try to pay for their order.

To set up Apache on your own, we recommend you check out the article at http://www.sitepoint.com/article/securing-apache-2-server-ssl. Because enabling SSL can be a time-consuming process, for test purposes, you can get an already-configured Apache version from http://www.devside.net/web/server/free/download. Review Appendix A for more details.

The alternative is to obtain SSL certificates from a known and respected organization that specializes in web security, such as VeriSign (http://www.verisign.com/), Thawte (http://www.thawte.com/), or InstantSSL (http://www.instantssl.com/).

Web browsers have built-in root certificates from organizations such as these and are able to authenticate the digital signature of SSL certificates supplied by them. This means that no warning message will appear, and an SSL-secured connection will be available with a minimum of fuss. For example, in Opera, you can see the name of the company that registered the SSL certificate next to the URL (see Figure 7-5).

Figure 7-5. Opening a secured web page in Opera

For the purpose of this chapter, I've installed the XAMPP package, which comes with an SSL-enabled Apache server. My local machine issued the certificate, which, as you can guess, isn't in the list of trusted certificate providers. With this setup, I can show you what you get when loading an HTTPS address that doesn't have a trusted certificate (see Figure 7-6).

Figure 7-6. Certificate signer not found

If you click View, you can see that the certificate has been issued by localhost, for Apache Friends. Apache Friends (http://www.apachefriends.org) is the maker of the XAMPP package.
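
The trust difference described above can be reproduced with the openssl command-line tool. This is an added example, not code from the original chapter: it builds a self-signed certificate like the localhost-issued one, then a certificate signed by a private CA, and checks which of them chains to that CA. The names Demo Root CA and shop.example.test, and the helper function names, are constructed for the illustration.

```shell
#!/bin/sh
# Constructed demo: every subject name below is made up for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate: issuer and subject are the same entity, like the
# localhost-issued certificate behind the "signer not found" warning.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=localhost" \
    -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# A private CA, then a server certificate whose signature comes from that CA.
make_ca_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=shop.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/srv.csr" -days 1 \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/srv.crt" 2>/dev/null
}

# True only if certificate $1 chains to the trust anchor in file $2.
chains_to() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# True if the certificate names itself as its own issuer.
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" = \
    "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" ]
}

make_self_signed && make_ca_signed
chains_to "$WORK/srv.crt" "$WORK/ca.crt" && echo "CA-signed: trusted"
chains_to "$WORK/self.crt" "$WORK/ca.crt" || echo "self-signed: signer not found"
```

A browser performs the same chain check against its built-in root certificates, which is why only the certificate signed by a CA it already trusts loads without a warning.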